Data protection policy
In compliance with the EU Regulation 2016/679 General Data Protection Regulation, (hereinafter, “GDPR”) and the Organic Law 3/2018 of December 5, 2018, on the Protection of Personal Data and guarantee of digital rights (hereinafter “LOPDGDD”), the user (hereinafter, “User”) is hereby informed about the way in which his personal data will be processed through the iNuba App (hereinafter, “App”).
- DATA CONTROLLER
Owner: 3DHealthAI, S.L. (hereinafter, “iNuba”)
Registered Office: Polígono Industrial Los Vientos, Calle Levante S/N 46119 Náquera, Valencia
Email DPO: [email protected]
- CATEGORIES OF DATA COLLECTED, PURPOSES OF PROCESSING AND LEGITIMACY BASES
2.1 User registration
The user must fill in the registration form, as well as general questions to know your lifestyle. Specifically, the following type of personal data will be collected:
Identification data: name and surname.
Contact data: e-mail address.
Personal characteristics data collected through general questionnaires: among others, ethnic origin, objective, lifestyle, type of activity, frequency of activity.
The personal data requested at the time of user registration are strictly necessary to know the physical and circumstantial characteristics of the person concerned. Failure to provide such data will prevent the user from using the services offered by the App.
Likewise, for the correct functioning of the App and optimal provision of the services, the User must provide special category data in accordance with the provisions of the GDPR, including health and ethnic/racial origin data. Consequently, the App will request the User’s authorization for the processing of such personal data.
In case of not authorizing the processing of health data, the User will not be able to use the services of the App.
At the time of registration of the App, and after obtaining the corresponding permissions, the App may access personal data of the Users included in the public profiles of Facebook or Google. Specifically, identification data, where appropriate, name and surname, URL of the photo and nickname, and additionally, the email. Although iNuba has access to such data, it will only process the data relating to email.
The processing of the user’s personal data in this first phase of the user’s registration will be carried out on the basis of the execution of the contractual relationship and, where appropriate, on the basis of the user’s consent for the purposes for which it is collected.
2.2 App Usage
In order to benefit from the services offered by the App, iNuba processes the following categories of personal data of the users: identification, personal characteristics, as well as health data (diseases, intolerances, allergies, muscle mass, BMI, physiognomy, among others), ethnic/racial data, location data, contacts, email and authentication credentials.
Likewise, if the App user has undergone the iNubaBox scanner, or the service of generating a 3D avatar with a mobile device, the data obtained through the said scanner, or the use of the mobile device, will be synchronized with the App which, as a consequence, will additionally process among others, the following data: % muscle mass, % fat mass, % intracellular water, etc., the image processing to make the 3D reconstruction of the user, as well as the perimeters calculated from the 3D reconstruction (neck, chest, waist, high thigh, low thigh, etc.). If the user has not undergone the scanner or the 3D avatar generation service with a mobile device, he/she can voluntarily enter the perimeters of certain parts of his/her body. In the case of the 3D avatar generated with a mobile device, the avatar with the user’s body silhouette is generated directly by the artificial intelligence of the system, without the iNuba technical team having to access the images of the video recorded by the user. The technical team will only access the video images in case the 3D avatar is not generated correctly, in order to verify whether or not the user has correctly followed the instructions of the tutorial. The user expressly authorizes the iNuba team to access the images of the recorded video for this purpose.
Furthermore, iNuba may ask the user to provide additional data such as, among others; lifestyle (sedentary, active, very active) chronic diseases (diabetes, hypertension…), intolerances (gluten, nuts…), daily sports activity (frequency of training). These data will be used to better adapt nutrition and training plans to the needs of each user.
The aforementioned personal data will be processed in general for the following purposes:
Designing personalized training and nutrition plans tailored to the user according to the parameters previously described and registered in the App.
Conducting analysis of behavioral patterns and lifestyle/habits.
Realization of personalized marketing campaigns.
The use of the App may involve access and interconnection with information from other applications with prior consent of the User, such as Apple Health, Google Fit. These tools provide useful data on the distance traveled by the user, the time spent on the route, the average speed, the evolution of their constants, for the purpose of, among others, to develop nutrition programs and / or training tailored to the possibilities and needs of the client User.
Likewise, after obtaining the appropriate permissions, iNuba App will be able to access the location data, access to the camera and gallery of the User’s device while the User is using the App. The User will be able to modify his preferences through the settings of his device.
Also, the use of the App, subject to authorization and consent by the User, may involve the connection with other devices such as Garmin, Polar, Samsung, Apple, etc. (wearables). This connection is made through the Thryve tool (belonging to an intermediate company of German nationality and located in the EU). The categories of data that we will be able to access, subject to your authorization, will be the following: physical characteristics (height, weight, etc.) sports activities and physical exercise performed (steps, distances, etc.) health data (Kcal, stress, sleep habits, heart rate, pulse, blood pressure, bone mass and lean and muscle mass data, menstrual cycle, and nutritional data, etc.), as well as environmental data.
In the mobile 3D service, for the creation of a 3D avatar we will be able to process data from a full body video of the user in order to obtain metrics and provide a health report in the iNuba App. We will access the images in case the avatar is not generated correctly due to some kind of technical failure or failure to properly follow the instructions in the tutorial. We will need to access the recording to review what may have happened, learn from common failures and provide the user with a second avatar.
In addition, iNuba may use devices to monitor the user, including their physical activity, physical progress and habits, among others. This information will be processed in order to provide the services offered through the App, and to perform statistical analysis that allows the entity to adjust and improve such services to the needs of users.
The legitimate basis for the processing of user data in the use of the App is the execution of the contractual relationship and, where appropriate, the consent for the purposes for which it is collected.
2.3 Payment of the service through the App
iNuba provides both free and paid services, which are clearly identified in the App itself. In the case of paid services, the price includes VAT.
For the purpose of enabling the payment of the services provided in the App, the data relating to the bank card will be processed in order to manage the payment of the subscription to the App. In this regard, we inform you that iNuba will not directly process the payment data, but the payment gateway provider will have access to such data.
The processing of personal data for the written purpose is necessary for the execution of the contractual relationship.
2.4 Conducting statistical analysis
iNuba will perform statistical analysis using categories of data such as most common diseases of the users, health goals, preferences, lifestyles/habits, in order to carry out profiling of the users.
This processing will be carried out based on iNuba’s legitimate interest in detecting new opportunities to increase the volume of customers, targeting commercial strategies, as well as understanding customer behavior patterns in order to create a more personalized and attractive communication.
Furthermore, the data used for statistical analysis will be used anonymously.
At any time, users may object to the processing of their data for statistical purposes by sending their request to the e-mail address available in the “Rights” section of this data protection policy.
- CONSERVATION OF THE DATA
Personal data will be kept for the time necessary to fulfill the purpose for which they are collected, during the maintenance of the contractual relationship, as well as for the time necessary to determine the possible responsibilities that may arise from the purposes.
However, with regard to the processing of the images, they are made to make the reconstruction of the user in 3D, so that, once completed, these images are deleted, and iNuba does not keep them.
Likewise, in case the user wishes to cancel his account, he will be able to download all the data he has generated or stored during the use of the iNuba App. Once the account has been cancelled, iNuba will delete all user data.
The uninstallation of the App does not lead to the deletion of the User’s data, therefore, in case the User wishes the deletion of his/her personal data, he/she must exercise the right of deletion in accordance with the instructions described in section 7 of this data protection policy.
Personal data may be disclosed in order to comply with a legal obligation and / or upon legal, judicial or administrative requirement, for example, to law enforcement agencies, the Courts and Tribunals or the Spanish Data Protection Agency.
Also, iNUBA, in some cases, may provide services to third party companies and, therefore, to its customers, sharing the personal data of such customers obtained through iNubaBox and the iNuba app.
For the connection with other devices such as Garmin, Polar, Samsung, Apple, etc. (wearables) we use the Thryve tool (belonging to the German company “Health Pioneers GmbH”, domiciled in Berlin). This company acts as Data Processor and has signed the corresponding data processing contract in accordance with art. 28 RGPD.
- INTERNATIONAL DATA TRANSFERS
iNuba informs you that it engages third parties who, for the provision of certain services, such as computing algorithms and calculating user metrics, in their capacity as data processors, may have access to your personal data. These third parties are located outside the European Economic Area, specifically in the USA, whose country does not currently have an adequate level of protection according to the European Commission.
Notwithstanding the foregoing, both access to personal data and the international transfers themselves are regularized through the adoption of appropriate safeguards, such as the signing of the corresponding standard contractual clauses adopted by the European Commission, as well as through the assignment agreement, in accordance with data protection regulations, to which you may have access upon request.
- PRIVACY NOTICE FOR UNDERAGE USERS
At any time, the user may exercise their rights of access, rectification, deletion, opposition, limitation and portability of their data by sending their request to the following email address [email protected] or by post to the following address, Polígono Industrial Los Vientos, Calle Levante S/N, under the reference subject: “Data Protection”.
Regarding the right of deletion, in the event that the user cancels his account in iNuba, he will be able to download all the data which has been generated during his use of the application, iNuba immediately deleting the user’s data once the account has been canceled.
Likewise, the User may revoke his consent to receive personalized electronic commercial communications as described in section 2.5 of this data protection policy, by unsubscribing, following the instructions found in the footer of each electronic commercial communication.
Likewise, the user may revoke his/her consent to profiling for direct marketing and/or statistical purposes by sending his/her request to the e-mail or postal address indicated above.
The user is informed that if he/she considers that the exercise of his/her rights has not been satisfied, he/she may file a complaint with the Spanish Data Protection Agency. More information at www.aepd.es.
Last update: October 2022